diff --git a/app.py b/app.py
index 3d75228..7eb8b55 100644
--- a/app.py
+++ b/app.py
@@ -341,9 +341,10 @@ def route_admin_songs_id_delete(id):
 @app.cache.cached(timeout=15, query_string=True)
 def route_api_preview():
     song_id = request.args.get('id', None)
-    if not song_id or not re.match('^[0-9]+$', song_id):
+    if not song_id or not re.match('^[0-9]{1,9}$', song_id):
         abort(400)
+    song_id = int(song_id)
     song = db.songs.find_one({'id': song_id})
     if not song:
         abort(400)
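Review bot: The tightened pattern still goes through `re.match` with a `$` anchor, which also accepts a value carrying one trailing newline (`"123\n"`), so the validation is slightly looser than the regex reads; `int()` strips that whitespace, so the lookup is unaffected today, but `if not song_id or not re.fullmatch(r'[0-9]{1,9}', song_id):` states the intent exactly and does not depend on that tolerance. The added `song_id = int(song_id)` is the substantive change — presumably the `find_one` lookup previously compared a string against an integer-typed `id` — and the 9-digit bound is what keeps the converted value small, so a short comment on the added line such as `# song ids are stored as ints; the regex bounds the magnitude before conversion` would save the next reader from guessing why the two changes belong together. route_api_preview's body continues outside the hunk.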